Class: Net::IMAP::SASL::OAuthBearerAuthenticator
- Inherits:
-
OAuthAuthenticator
- Object
- OAuthAuthenticator
- Net::IMAP::SASL::OAuthBearerAuthenticator
- Defined in:
- lib/net/imap/sasl/oauthbearer_authenticator.rb
Overview
Authenticator for the “OAUTHBEARER
” SASL mechanism, specified in RFC7628. Authenticates using OAuth 2.0 bearer tokens, as described in RFC6750. Use via Net::IMAP#authenticate.
RFC6750 requires Transport Layer Security (TLS) to secure the protocol interaction between the client and the resource server. TLS MUST be used for OAUTHBEARER
to protect the bearer token.
Constant Summary
Constants included from GS2Header
GS2Header::NO_NULL_CHARS, GS2Header::RFC5801_SASLNAME
Instance Attribute Summary collapse
-
#oauth2_token ⇒ Object
(also: #secret)
readonly
An OAuth 2.0 bearer token.
Attributes inherited from OAuthAuthenticator
#authzid, #host, #last_server_response, #mthd, #path, #port, #post, #qs
Instance Method Summary collapse
-
#authorization ⇒ Object
Value of the HTTP Authorization header.
-
#initial_response? ⇒ Boolean
:call-seq: initial_response? -> true.
-
#initialize(arg1 = nil, arg2 = nil, oauth2_token: nil, secret: nil, **args, &blk) ⇒ OAuthBearerAuthenticator
constructor
:call-seq: new(oauth2_token, **options) -> authenticator new(authzid, oauth2_token, **options) -> authenticator new(oauth2_token:, **options) -> authenticator.
Methods inherited from OAuthAuthenticator
#done?, #initial_client_response, #process
Methods included from GS2Header
#gs2_authzid, #gs2_cb_flag, #gs2_header, gs2_saslname_encode
Constructor Details
#initialize(arg1 = nil, arg2 = nil, oauth2_token: nil, secret: nil, **args, &blk) ⇒ OAuthBearerAuthenticator
:call-seq:
new(oauth2_token, **options) -> authenticator
new(authzid, oauth2_token, **options) -> authenticator
new(oauth2_token:, **options) -> authenticator
Creates an Authenticator for the “OAUTHBEARER
” SASL mechanism.
Called by Net::IMAP#authenticate and similar methods on other clients.
Parameters
-
#oauth2_token — An OAuth2 bearer token
All other keyword parameters are passed to super (see OAuthAuthenticator). The most common ones are:
-
optional #authzid ― Authorization identity to act as or on behalf of.
optional #username — An alias for #authzid.
Note that, unlike some other authenticators,
username
sets the authorization identity and not the authentication identity. The authentication identity is established for the client by #oauth2_token. -
optional #host — Hostname to which the client connected.
-
optional #port — Service port to which the client connected.
Although only oauth2_token is required by this mechanism, it is worth noting that application protocols are allowed to require #authzid (or other parameters, such as #host or #port) as are specific server implementations.
177 178 179 180 181 182 183 184 |
# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 177 def initialize(arg1 = nil, arg2 = nil, oauth2_token: nil, secret: nil, **args, &blk) username, oauth2_token_arg = arg2.nil? ? [nil, arg1] : [arg1, arg2] super(username: username, **args, &blk) @oauth2_token = oauth2_token || secret || oauth2_token_arg or raise ArgumentError, "missing oauth2_token" end |
Instance Attribute Details
#oauth2_token ⇒ Object (readonly) Also known as: secret
An OAuth 2.0 bearer token. See RFC-6750
141 142 143 |
# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 141 def oauth2_token @oauth2_token end |
Instance Method Details
#authorization ⇒ Object
Value of the HTTP Authorization header
193 |
# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 193 def ; "Bearer #{oauth2_token}" end |
#initial_response? ⇒ Boolean
:call-seq:
initial_response? -> true
OAUTHBEARER
sends an initial client response.
190 |
# File 'lib/net/imap/sasl/oauthbearer_authenticator.rb', line 190 def initial_response?; true end |